Cybersecurity in Rail, Infrastructure and Transport

The smart railway market is estimated to grow to $20.6 billion by 2021. Whilst this offers an increasingly intelligent experience for passengers, it signifies the increases in cybersecurity risks to technical advances throughout the transport industry.

As part of critical national infrastructure, a cyber-attack on a rail, infrastructure or transport organisation is likely to be classed as a Category 1, the highest level defined by the National Cyber Security Centre. Unlike organisations in other sectors, the threat of a cyber-attack is real if hackers can cause serious economic and reputational consequences and even put passenger safety at risk.

Our key rail, infrastructure and transport cybersecurity services:

From looking to flaws in your security networks and embedded systems to attempting to hack a train carriage, we offer a wide range of rail, infrastructure and transport security testing services.

With many rail, infrastructure and transport organisations utilising historical systems and networks, it’s vital to highlight any vulnerabilities that could be exploited with regular security testing. The NotPetya cyber-attack on Maersk cost the transport company around over $200 million, and provides an epic example of the importance of implementing a sophisticated cybersecurity strategy.

When rail, infrastructure and transport organisations are developing new technologies, it’s important to take a “Secure by Design” approach. If you are a railway operator, this could involve using controlled zones to identify and isolate any threats before they spread or ensuring routine patching of operational systems. Our technical consultants with engineering backgrounds are well placed to assist you with implementing and sustaining a secure by design approach.

We also have consultants who can help you implement strategise your governance, risk and compliance. We can assist with conducting assessments on your current cyber posture for various cybersecurity standards such as IEC 62443, NISD and GDPR, right up to helping you assess the compliance of your supply chain or discovering and evaluating your key assets.

Some of the biggest cyber-attacks on rail, infrastructure and transport organisations can be caused by the simplest of human errors. The only way to tackle this issue is by investing in training and awareness of staff.

Altran’s World Class Center for Cybersecurity offers a variety of bespoke training services. Whether it’s chatting to employees and providing cyber-attack scenarios to help them understand the threats, to sitting down with the Board of Directors to talk strategy, we have expert consultants in place to help.

Rail, infrastructure and transport organisations have endless assets (both physical and informational). Most organisations will use Excel spreadsheets to manage the compliance of these assets against multiple standards in an attempt to detect, mitigate and predict new threats.

This is an almost impossible task in spreadsheets, and that’s why we built SYNERGi, a governance risk and compliance (GRC) platform. The software solution is designed to help you manage your legal and regulatory obligations all in one place, providing overall visibility of your cyber risks.